General

  • Target

    temp.zip

  • Size

    378KB

  • Sample

    221201-t5fv4abg2v

  • MD5

    8e0040f56715712d5a2788436f56f488

  • SHA1

    70ec44bacd78c772b1ebc404d95601d0240c7af2

  • SHA256

    7ea97ff2780d9a736998efa6590e7daddf4561c4e1920143404971da426b1956

  • SHA512

    05632bf807b28d6fe5b615f590f09dc0e7ac855c644ac1ccaa1a5caba0b9aa515f9a6fa1e7e9e900a51329081ac27462dd437ac441f48d2d3fef544fd4bb7534

  • SSDEEP

    6144:L3BCE43ZgJlpDDPwUlPdig/Qc0s4drkAtz7yoohRFMwIXzBCUz7MUQ8P:Lx9rJlqEb/70t33obWwwzBCUz7WY

Malware Config

Extracted

  • Family

    icedid

  • Botnet

    447191612

  • C2

    aliopiwert.com

  • Attributes

    • auth_var

      1

    • url_path

      /news/

Targets

    • Target

      ohnemacb.dll

    • Size

      52KB

    • MD5

      fbc0256953bd692295e5a05006ad7b84

    • SHA1

      102d9c475b26f92deac8477e8f542adc8eb4df36

    • SHA256

      67079b23dfb67a581783d8e8b6787e86b2a208a49a028de66bf207762bffde65

    • SHA512

      f9c2369da19023899f1ce7980ca9fef911f6776c4fb1b41221be9d81266ca6cef4e8891bbba7a9b215a41ba669dbcc84fa65f0fe79580a19663401d885e938ed

    • SSDEEP

      768:6XmxVcNHghTyxkdlwMBv7aM+Ksz330oxoqcs4WEs:PxDdyWdl3UM+KszHzxDcgV

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Target

      run.bat

    • Size

      51B

    • MD5

      b3ff52c96eaf66338066c8b59a4f6eeb

    • SHA1

      dbeaaa154d2b6cbf96ac38feb076922d0d325664

    • SHA256

      b0608aaa49011c3ab5d359eb1d53471a4e5044ca7bf87ae1440c128f0f56fbd1

    • SHA512

      d5dbcf567878b28d382e59c6cc3b19ea59f66648c87ea4acd3b33fdbbb1997b38051df4dc4db4221332aaf1177bc0177f151ae66dc86303e27716823159498d6

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.
